Author Topic: need help bad  (Read 1383 times)

roydede
« on: October 09, 2007, 09:18:12 PM »
Okay, my friend directed me here. I downloaded Trend Micro and here are the results. Hope someone can help me because I've run every legit spyware remover available and nothing is working.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:52 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ubrxbynk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\aim6\anotify.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6028\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\wevymonq.dll",sitypnow
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...06bc5dfc78ec69e
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: DomainService -   - C:\WINDOWS\system32\ubrxbynk.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

--
End of file - 8673 bytes

guestolo
« Reply #1 on: October 09, 2007, 09:21:59 PM »
Hi roydede,
I would like to see another couple of logs, then we'll do some fixes.

Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post the contents of main.txt and extra.txt.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


roydede
« Reply #2 on: October 09, 2007, 09:36:44 PM »
main-Deckard's System Scanner v20070905.67
Run by Jolynn on 2007-10-09 21:26:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
56: 2007-10-10 02:26:46 UTC - RP741 - Deckard's System Scanner Restore Point
55: 2007-10-09 02:09:36 UTC - RP740 - System Checkpoint
54: 2007-10-07 23:01:47 UTC - RP739 - System Checkpoint
53: 2007-10-06 08:29:34 UTC - RP738 - Post-Dell Automated PC TuneUp
52: 2007-10-06 08:25:50 UTC - RP737 - Pre-Dell Automated PC TuneUp


-- First Restore Point --
1: 2007-08-19 22:57:04 UTC - RP686 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Jolynn.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:52 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ubrxbynk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jolynn\Local Settings\Temporary Internet Files\Content.IE5\Y1WX0X2F\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jolynn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {087F8CED-C273-40A7-B948-0A2949534D15} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {3B288938-9363-41C4-AEBA-9C17E26E328C} - (no file)
O2 - BHO: (no name) - {4798DD3D-FC99-47F8-A746-8B2DA32AC760} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\vadnksyl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A18C2FBC-DAEE-412D-AB72-03399F855874} - (no file)
O2 - BHO: (no name) - {BE008367-EDD9-438E-88FC-91B2EC07130C} - (no file)
O2 - BHO: (no name) - {C5FB7F2D-4338-4EE9-8240-FAD10CD115E4} - (no file)
O2 - BHO: (no name) - {CD0C6ACD-8DA8-4E92-AB57-4A51FF523596} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6028\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\wevymonq.dll",sitypnow
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...06bc5dfc78ec69e
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll
O23 - Service: DomainService -   - C:\WINDOWS\system32\ubrxbynk.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

--
End of file - 10512 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DomainService - c:\windows\system32\ubrxbynk.exe /service <Not Verified; ; DDC>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 Vongo Service - c:\program files\vongo\vongoservice.exe <Not Verified; Starz Entertainment Group LLC; Vongo>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Service: E100B


-- Scheduled Tasks -------------------------------------------------------------

2007-10-08 21:38:06       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-10-05 18:30:00       348 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILY-Lisa).job
2007-10-01 01:21:09       354 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-09-15 01:22:24       352 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2007-09-09 and 2007-10-09 -----------------------------

2007-10-09 21:13:59         0 d-------- C:\Program Files\Trend Micro
2007-10-09 20:34:55     83008 --a------ C:\WINDOWS\system32\wevymonq.dll
2007-10-09 20:31:11     75328 --a------ C:\WINDOWS\system32\jopiatda.exe <Not Verified; ; DDC>
2007-10-09 18:33:22    746032 ---hs---- C:\WINDOWS\system32\qtstv.ini2
2007-10-09 18:05:10     83008 --a------ C:\WINDOWS\system32\fxsiprjx.dll
2007-10-09 18:03:39     75328 --a------ C:\WINDOWS\system32\wxcvuxlo.exe <Not Verified; ; DDC>
2007-10-09 17:46:21     83008 --a------ C:\WINDOWS\system32\qfvolamk.dll
2007-10-09 17:45:34     75328 --a------ C:\WINDOWS\system32\vgvhueex.exe
2007-10-09 17:12:30     75328 --a------ C:\WINDOWS\system32\vqovrxba.exe <Not Verified; ; DDC>
2007-10-09 16:52:17     83008 --a------ C:\WINDOWS\system32\cbkvmfcf.dll
2007-10-09 16:48:06     75328 --a------ C:\WINDOWS\system32\hkqavjml.exe <Not Verified; ; DDC>
2007-10-09 16:38:43     75328 --a------ C:\WINDOWS\system32\bxweofmw.exe <Not Verified; ; DDC>
2007-10-09 16:38:38         0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-09 15:39:13     83008 --a------ C:\WINDOWS\system32\erarfpai.dll
2007-10-09 15:37:43     75328 --a------ C:\WINDOWS\system32\yshylolw.exe <Not Verified; ; DDC>
2007-10-09 12:39:03     83008 --a------ C:\WINDOWS\system32\qhtooscy.dll
2007-10-09 12:28:54     75328 --a------ C:\WINDOWS\system32\uggrqrag.exe <Not Verified; ; DDC>
2007-10-09 12:21:54     75328 --a------ C:\WINDOWS\system32\ilxvwgju.exe <Not Verified; ; DDC>
2007-10-09 12:16:42         0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-09 12:16:34         0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-10-09 12:10:52     75328 --a------ C:\WINDOWS\system32\naiuelfk.exe <Not Verified; ; DDC>
2007-10-08 22:54:16     83008 --a------ C:\WINDOWS\system32\mbxeoduu.dll
2007-10-08 22:47:21     75328 --a------ C:\WINDOWS\system32\homokjxa.exe
2007-10-08 17:48:11     75328 --a------ C:\WINDOWS\system32\ycfsxlle.exe <Not Verified; ; DDC>
2007-10-08 16:24:06     75328 --a------ C:\WINDOWS\system32\rkigoruw.exe <Not Verified; ; DDC>
2007-10-08 15:36:51     83008 --a------ C:\WINDOWS\system32\ugeklsqf.dll
2007-10-08 15:31:09     75328 --a------ C:\WINDOWS\system32\ljcfatra.exe
2007-10-08 14:04:45    693412 ---hs---- C:\WINDOWS\system32\tbxftmjb.ini2
2007-10-08 14:04:32     83008 --a------ C:\WINDOWS\system32\bjmtfxbt.dll
2007-10-08 14:02:35     75328 --a------ C:\WINDOWS\system32\lgcbsxvq.exe <Not Verified; ; DDC>
2007-10-08 13:58:44     83008 --a------ C:\WINDOWS\system32\xhbsdefi.dll
2007-10-08 13:56:26     75328 --a------ C:\WINDOWS\system32\aonkrvyu.exe <Not Verified; ; DDC>
2007-10-08 13:19:47     83008 --a------ C:\WINDOWS\system32\jvqcdaag.dll
2007-10-08 13:19:44     75328 --a------ C:\WINDOWS\system32\yfyqbmrc.exe <Not Verified; ; DDC>
2007-10-08 13:15:05     75328 --a------ C:\WINDOWS\system32\lbdjhumk.exe <Not Verified; ; DDC>
2007-10-07 16:22:27     83008 --a------ C:\WINDOWS\system32\xuupojsn.dll
2007-10-07 16:20:09     75328 --a------ C:\WINDOWS\system32\wncxuwdd.exe <Not Verified; ; DDC>
2007-10-07 10:17:22     83008 --a------ C:\WINDOWS\system32\qyeyonou.dll
2007-10-07 10:12:19     75328 --a------ C:\WINDOWS\system32\envjysqc.exe <Not Verified; ; DDC>
2007-10-07 02:53:13         0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-07 02:52:56         0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-10-07 02:52:02         0 d-------- C:\Documents and Settings\Brandon\Application Data\GameHouse
2007-10-07 02:51:44         0 d-------- C:\Program Files\GameHouse
2007-10-07 02:28:54     75328 --a------ C:\WINDOWS\system32\fvhuamji.exe <Not Verified; ; DDC>
2007-10-07 02:23:30     83008 --a------ C:\WINDOWS\system32\apoejafw.dll
2007-10-07 02:17:35     75328 --a------ C:\WINDOWS\system32\fenbmtwj.exe <Not Verified; ; DDC>
2007-10-07 02:02:37     83008 --a------ C:\WINDOWS\system32\manmkare.dll
2007-10-07 01:52:11     75328 --a------ C:\WINDOWS\system32\etgyispb.exe <Not Verified; ; DDC>
2007-10-07 01:48:06     83008 --a------ C:\WINDOWS\system32\suiwuylu.dll
2007-10-07 01:42:05     75328 --a------ C:\WINDOWS\system32\hvldiwhy.exe <Not Verified; ; DDC>
2007-10-06 20:30:15     75328 --a------ C:\WINDOWS\system32\gapgnavx.exe <Not Verified; ; DDC>
2007-10-06 03:49:41     75328 --a------ C:\WINDOWS\system32\qtfkhlke.exe <Not Verified; ; DDC>
2007-10-06 03:07:11     75328 --a------ C:\WINDOWS\system32\gccatdpo.exe <Not Verified; ; DDC>
2007-10-05 05:07:42     83008 --a------ C:\WINDOWS\system32\kxxmyptm.dll
2007-10-05 05:05:58     75328 --a------ C:\WINDOWS\system32\jwqghenw.exe <Not Verified; ; DDC>
2007-10-05 02:50:38     75328 --a------ C:\WINDOWS\system32\yppefkin.exe <Not Verified; ; DDC>
2007-10-05 01:39:00     83008 --a------ C:\WINDOWS\system32\kqkcjnvj.dll
2007-10-05 01:33:01     75328 --a------ C:\WINDOWS\system32\vxsajemr.exe
2007-10-04 12:37:12     83008 --a------ C:\WINDOWS\system32\jbhnkhat.dll
2007-10-04 12:31:24     75328 --a------ C:\WINDOWS\system32\uwxqmooe.exe <Not Verified; ; DDC>
2007-10-04 00:42:03     75328 --a------ C:\WINDOWS\system32\amjsudtr.exe <Not Verified; ; DDC>
2007-10-03 21:33:13     75328 --a------ C:\WINDOWS\system32\tufqconb.exe <Not Verified; ; DDC>
2007-10-03 21:04:05     83008 --a------ C:\WINDOWS\system32\jvoedwyt.dll
2007-10-03 20:58:55     75328 --a------ C:\WINDOWS\system32\hinqntvk.exe
2007-10-03 17:09:33     75328 --a------ C:\WINDOWS\system32\dibdcikd.exe <Not Verified; ; DDC>
2007-10-03 16:56:56     75328 --a------ C:\WINDOWS\system32\npowpqtm.exe <Not Verified; ; DDC>
2007-10-03 16:56:48    743525 ---hs---- C:\WINDOWS\system32\qtstv.bak2
2007-10-03 16:20:48     83008 --a------ C:\WINDOWS\system32\fwptqapm.dll
2007-10-03 16:13:43     75328 --a------ C:\WINDOWS\system32\mfytlfjf.exe <Not Verified; ; DDC>
2007-10-03 15:35:39     75328 --a------ C:\WINDOWS\system32\qxxlkocx.exe <Not Verified; ; DDC>
2007-10-03 15:32:02         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-03 15:32:01         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-10-03 15:32:01         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-03 15:32:01         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-10-03 15:32:01         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-03 15:32:01         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-10-03 15:32:01         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-03 15:32:00         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-03 15:32:00         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-03 15:32:00         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-03 15:32:00         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-10-03 15:32:00         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-03 15:32:00         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-03 15:32:00         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-10-03 15:32:00         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-03 15:31:59    786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-03 15:15:46     83008 --a------ C:\WINDOWS\system32\wbgidriv.dll
2007-10-03 15:13:05     75328 --a------ C:\WINDOWS\system32\hhujnuqk.exe
2007-10-03 15:00:51     75328 --a------ C:\WINDOWS\system32\nwugslfr.exe
2007-10-03 14:35:22     75328 --a------ C:\WINDOWS\system32\jtygmaah.exe
2007-10-03 13:55:42     75328 --a------ C:\WINDOWS\system32\snkpijwh.exe <Not Verified; ; DDC>
2007-10-03 13:31:52       164 --a------ C:\install.dat
2007-10-03 13:29:51     75328 --a------ C:\WINDOWS\system32\jtbyrooj.exe <Not Verified; ; DDC>
2007-10-03 10:43:01     83008 --a------ C:\WINDOWS\system32\ejwydars.dll
2007-10-03 10:40:08     75328 --a------ C:\WINDOWS\system32\bxkfowng.exe
2007-10-03 10:30:17     75328 --a------ C:\WINDOWS\system32\ubrxbynk.exe <Not Verified; ; DDC>
2007-10-02 23:51:33     83008 --a------ C:\WINDOWS\system32\dfyocmvw.dll
2007-10-02 23:45:18     75328 --a------ C:\WINDOWS\system32\aleilcfx.exe <Not Verified; ; DDC>
2007-10-02 23:01:44     75328 --a------ C:\WINDOWS\system32\ejtqfqwj.exe <Not Verified; ; DDC>
2007-10-02 22:54:24     83008 --a------ C:\WINDOWS\system32\dlmpdjgj.dll
2007-10-02 22:48:17     75328 --a------ C:\WINDOWS\system32\wpfjslxa.exe <Not Verified; ; DDC>
2007-10-02 21:21:14     83008 --a------ C:\WINDOWS\system32\xxityxje.dll
2007-10-02 21:17:56     75328 --a------ C:\WINDOWS\system32\nakikvhv.exe
2007-10-02 18:44:57     83008 --a------ C:\WINDOWS\system32\psuowtuk.dll
2007-10-02 18:42:03     75328 --a------ C:\WINDOWS\system32\isavbsps.exe
2007-10-02 16:58:34     75328 --a------ C:\WINDOWS\system32\ajlghotf.exe <Not Verified; ; DDC>
2007-10-02 15:57:46     83008 --a------ C:\WINDOWS\system32\grabytnl.dll
2007-10-02 15:51:57     75328 --a------ C:\WINDOWS\system32\laotranr.exe
2007-10-02 15:45:28     75328 --a------ C:\WINDOWS\system32\auppwpud.exe <Not Verified; ; DDC>
2007-10-02 15:35:04     77376 --a------ C:\WINDOWS\system32\vadnksyl.dll
2007-10-02 15:34:51     75328 --a------ C:\WINDOWS\system32\foqybckj.exe <Not Verified; ; DDC>
2007-10-01 23:28:52     75328 --a------ C:\WINDOWS\system32\neoaonwf.exe <Not Verified; ; DDC>
2007-10-01 23:14:56     75328 --a------ C:\WINDOWS\system32\karnricq.exe <Not Verified; ; DDC>
2007-10-01 23:09:11     83008 --a------ C:\WINDOWS\system32\bpmfueaq.dll
2007-10-01 23:07:01     75328 --a------ C:\WINDOWS\system32\omxtnkah.exe <Not Verified; ; DDC>
2007-10-01 17:34:52     83008 --a------ C:\WINDOWS\system32\chtivtxf.dll
2007-10-01 17:32:11     75328 --a------ C:\WINDOWS\system32\ngtmibuy.exe
2007-10-01 15:00:58     75328 --a------ C:\WINDOWS\system32\obsqolbj.exe
2007-10-01 10:02:56     75328 --a------ C:\WINDOWS\system32\bfeddgmn.exe
2007-09-30 22:29:45     75328 --a------ C:\WINDOWS\system32\gnhlwlyk.exe
2007-09-30 21:00:50     75328 --a------ C:\WINDOWS\system32\fofesfkm.exe <Not Verified; ; DDC>
2007-09-30 19:21:49     75328 --a------ C:\WINDOWS\system32\fsgakrto.exe <Not Verified; ; DDC>
2007-09-30 17:11:02     75328 --a------ C:\WINDOWS\system32\esycingr.exe <Not Verified; ; DDC>
2007-09-30 16:11:27     75328 --a------ C:\WINDOWS\system32\ucscvhkp.exe <Not Verified; ; DDC>
2007-09-30 13:43:09     75328 --a------ C:\WINDOWS\system32\esamycvg.exe <Not Verified; ; DDC>
2007-09-30 12:33:21     83008 --a------ C:\WINDOWS\system32\aiawujde.dll
2007-09-30 12:23:11     75328 --a------ C:\WINDOWS\system32\rpmkanfu.exe
2007-09-30 04:16:51     75328 --a------ C:\WINDOWS\system32\wjkikrty.exe <Not Verified; ; DDC>
2007-09-30 00:02:17     83008 --a------ C:\WINDOWS\system32\rnqbdsad.dll
2007-09-30 00:02:13     75328 --a------ C:\WINDOWS\system32\grfkocdl.exe <Not Verified; ; DDC>
2007-09-29 23:56:53     75328 --a------ C:\WINDOWS\system32\ebyuqcic.exe <Not Verified; ; DDC>
2007-09-29 00:58:04     83008 --a------ C:\WINDOWS\system32\cqrgyiei.dll
2007-09-29 00:50:27     75328 --a------ C:\WINDOWS\system32\qpnwfycn.exe <Not Verified; ; DDC>
2007-09-28 00:54:55     83008 --a------ C:\WINDOWS\system32\oirrnsth.dll
2007-09-28 00:49:02     75328 --a------ C:\WINDOWS\system32\uukkdryu.exe <Not Verified; ; DDC>
2007-09-27 00:50:18     83008 --a------ C:\WINDOWS\system32\bvqgbdym.dll
2007-09-27 00:47:15     75328 --a------ C:\WINDOWS\system32\rceabpti.exe <Not Verified; ; DDC>
2007-09-26 19:55:36         0 d-------- C:\Documents and Settings\Jolynn\Shared
2007-09-26 00:18:54     75328 --a------ C:\WINDOWS\system32\rwracmko.exe <Not Verified; ; DDC>
2007-09-25 00:24:25     83008 --a------ C:\WINDOWS\system32\voeedkay.dll
2007-09-25 00:18:38     75328 --a------ C:\WINDOWS\system32\bsrqjpij.exe <Not Verified; ; DDC>
2007-09-24 19:54:42         0 d-------- C:\Documents and Settings\Brandon\Application Data\Lavasoft
2007-09-23 23:25:35     83008 --a------ C:\WINDOWS\system32\aisodqjc.dll
2007-09-23 23:22:37     75328 --a------ C:\WINDOWS\system32\mvowxkeb.exe <Not Verified; ; DDC>
2007-09-22 23:19:49     75328 --a------ C:\WINDOWS\system32\lixavkou.exe <Not Verified; ; DDC>
2007-09-22 01:43:29     75328 --a------ C:\WINDOWS\system32\vgkcnebe.exe <Not Verified; ; DDC>
2007-09-21 15:33:36         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Lavasoft
2007-09-21 15:15:04         0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-20 23:16:51     75328 --a------ C:\WINDOWS\system32\rhwwtfeq.exe <Not Verified; ; DDC>
2007-09-19 23:17:14     75328 --a------ C:\WINDOWS\system32\qgragwdn.exe <Not Verified; ; DDC>
2007-09-18 23:18:03    125504 --a------ C:\WINDOWS\system32\ktxxokgv.dll
2007-09-18 23:17:38     75328 --a------ C:\WINDOWS\system32\lmcsoqak.exe <Not Verified; ; DDC>
2007-09-17 23:23:14    125504 --a------ C:\WINDOWS\system32\eohabcsy.dll
2007-09-17 23:17:16     75328 --a------ C:\WINDOWS\system32\ilorxxqn.exe <Not Verified; ; DDC>
2007-09-16 23:17:53    125504 --a------ C:\WINDOWS\system32\tvwesaoo.dll
2007-09-16 23:14:58     75328 --a------ C:\WINDOWS\system32\etrdqyed.exe <Not Verified; ; DDC>
2007-09-15 23:28:04    125504 --a------ C:\WINDOWS\system32\hvrmjxue.dll
2007-09-15 23:19:06     75328 --a------ C:\WINDOWS\system32\eberqggd.exe <Not Verified; ; DDC>
2007-09-14 23:20:03    125504 --a------ C:\WINDOWS\system32\aqttuqkx.dll
2007-09-14 23:14:03     75328 --a------ C:\WINDOWS\system32\bkyrmejm.exe <Not Verified; ; DDC>
2007-09-13 23:16:48    125504 --a------ C:\WINDOWS\system32\soacuuwh.dll
2007-09-13 23:13:52     75328 --a------ C:\WINDOWS\system32\pcrlfriv.exe <Not Verified; ; DDC>
2007-09-13 19:54:59    125504 --a------ C:\WINDOWS\system32\hshyvtvu.dll
2007-09-13 19:52:29     75328 --a------ C:\WINDOWS\system32\kgpqajkt.exe <Not Verified; ; DDC>
2007-09-12 19:55:56    125504 --a------ C:\WINDOWS\system32\gdqdimpg.dll
2007-09-12 19:50:57     75328 --a------ C:\WINDOWS\system32\uhecriiu.exe <Not Verified; ; DDC>
2007-09-11 19:50:18     75328 --a------ C:\WINDOWS\system32\qlwylrbq.exe <Not Verified; ; DDC>
2007-09-10 19:51:38     75328 --a------ C:\WINDOWS\system32\fprohudn.exe <Not Verified; ; DDC>
2007-09-10 07:16:21    125504 --a------ C:\WINDOWS\system32\fmhtyntq.dll
2007-09-10 07:10:22     75328 --a------ C:\WINDOWS\system32\ttjcfmpb.exe <Not Verified; ; DDC>
2007-09-10 00:06:31         0 d-------- C:\Program Files\Pakon
2007-09-09 20:29:40         0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-09-09 07:11:10     75328 --a------ C:\WINDOWS\system32\wmoocrtv.exe <Not Verified; ; DDC>


-- Find3M Report ---------------------------------------------------------------

2007-10-09 17:29:17         0 d-------- C:\Program Files\LimeWire
2007-10-09 12:26:25    744239 ---hs---- C:\WINDOWS\system32\qtstv.bak1
2007-10-08 21:24:50     43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-04 12:31:19         0 d-------- C:\Program Files\Free WMA to MP3 Converter
2007-10-03 17:41:13     21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-10-03 17:41:13     17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-10-03 17:41:12     12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-10-02 23:48:38         0 d-------- C:\Documents and Settings\Jolynn\Application Data\SiteAdvisor
2007-09-21 14:57:57         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Yahoo!
2007-09-19 21:20:53         0 d-------- C:\Program Files\Oberon Media
2007-09-14 21:36:25         0 d-------- C:\Program Files\Yahoo! Games
2007-09-13 23:04:01         0 d-------- C:\Program Files\Common Files
2007-09-10 21:28:50         0 d-------- C:\Program Files\MSN Games
2007-09-08 07:10:24     75328 --a------ C:\WINDOWS\system32\xdyxveft.exe <Not Verified; ; DDC>
2007-09-07 07:08:24     75328 --a------ C:\WINDOWS\system32\lvwvjvpb.exe <Not Verified; ; DDC>
2007-09-05 07:07:30     75328 --a------ C:\WINDOWS\system32\rkngcmxb.exe <Not Verified; ; DDC>
2007-09-04 23:44:29    125504 --a------ C:\WINDOWS\system32\imcfiyvv.dll
2007-09-04 23:41:23     75328 --a------ C:\WINDOWS\system32\imgbpdov.exe <Not Verified; ; DDC>
2007-09-04 22:26:47         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-03 23:41:19     75328 --a------ C:\WINDOWS\system32\snfgygya.exe <Not Verified; ; DDC>
2007-09-03 21:39:14         0 d-------- C:\Program Files\Apple Software Update
2007-09-02 23:41:58     75328 --a------ C:\WINDOWS\system32\ytqwbmyg.exe <Not Verified; ; DDC>
2007-09-01 23:43:45    125504 --a------ C:\WINDOWS\system32\pyhvlhdu.dll
2007-09-01 23:40:23     75328 --a------ C:\WINDOWS\system32\tjbhqydh.exe <Not Verified; ; DDC>
2007-08-31 23:38:44     75328 --a------ C:\WINDOWS\system32\skormyls.exe <Not Verified; ; DDC>
2007-08-31 23:35:01         0 d-------- C:\Program Files\Google
2007-08-31 12:36:50    125504 --a------ C:\WINDOWS\system32\gluguxuh.dll
2007-08-31 12:30:54     75328 --a------ C:\WINDOWS\system32\bkwnuxrx.exe <Not Verified; ; DDC>
2007-08-30 10:24:06     75328 --a------ C:\WINDOWS\system32\fvtajbcm.exe <Not Verified; ; DDC>
2007-08-29 10:29:38    125504 --a------ C:\WINDOWS\system32\lkkpqqnf.dll
2007-08-29 10:23:38     75328 --a------ C:\WINDOWS\system32\nhhxrstu.exe <Not Verified; ; DDC>
2007-08-27 20:34:25         0 d-------- C:\Program Files\MSN Messenger
2007-08-26 10:23:35    125504 --a------ C:\WINDOWS\system32\pylyxlup.dll
2007-08-24 10:22:54    125504 --a------ C:\WINDOWS\system32\ywaeudyk.dll
2007-08-23 23:57:34         0 d-------- C:\Documents and Settings\Jolynn\Application Data\iWin
2007-08-22 00:41:38      4096 --a------ C:\WINDOWS\d3dx.dat
2007-08-22 00:39:34         0 d-------- C:\Program Files\Yahoo!
2007-08-21 17:36:30    125504 --a------ C:\WINDOWS\system32\dypwfhuh.dll
2007-08-20 09:51:24         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Google
2007-08-19 20:24:09         0 d-------- C:\Program Files\Java
2007-08-19 20:14:01         0 d-------- C:\Program Files\MUSICMATCH
2007-08-19 20:12:27         0 d-------- C:\Program Files\AIM
2007-08-19 20:12:05         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Aim
2007-08-19 18:18:58         0 d-------- C:\Program Files\exPressit S.E. 2.2
2007-08-19 18:09:40         0 d-------- C:\Program Files\Viewpoint
2007-08-19 17:35:04    125504 --a------ C:\WINDOWS\system32\sfwmpbio.dll
2007-08-18 16:34:19    125504 --a------ C:\WINDOWS\system32\akfpwmey.dll
2007-08-17 16:36:13    125504 --a------ C:\WINDOWS\system32\onafjfwq.dll
2007-08-17 15:47:31    125504 --a------ C:\WINDOWS\system32\sgqpudvd.dll
2007-08-16 03:39:42    243296 --a------ C:\WINDOWS\system32\vtstq.dll
2007-08-15 23:42:50         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Gamelab
2007-08-15 23:25:28         0 d-------- C:\Program Files\Law and Order
2007-08-12 22:52:24       699 --a------ C:\WINDOWS\eReg.dat
2007-08-11 23:16:10         0 d-------- C:\Program Files\Electronic Arts
2007-08-11 23:13:12         0 d-------- C:\Program Files\Maxis
2007-08-10 17:12:46         0 d-------- C:\Documents and Settings\Jolynn\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{087F8CED-C273-40A7-B948-0A2949534D15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
07/27/2007 06:20 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B288938-9363-41C4-AEBA-9C17E26E328C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4798DD3D-FC99-47F8-A746-8B2DA32AC760}]
08/16/2007 03:39 AM 243296 --a------ C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
10/02/2007 03:35 PM 77376 --a------ C:\WINDOWS\system32\vadnksyl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A18C2FBC-DAEE-412D-AB72-03399F855874}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE008367-EDD9-438E-88FC-91B2EC07130C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5FB7F2D-4338-4EE9-8240-FAD10CD115E4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD0C6ACD-8DA8-4E92-AB57-4A51FF523596}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 07:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [03/20/2006 06:34 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/20/2006 06:34 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [05/22/2006 02:26 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [03/20/2006 06:34 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6028\SiteAdv.exe" [02/08/2007 09:39 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/27/2007 11:25 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [07/13/2007 04:14 PM]
"SearchIndexer"="C:\WINDOWS\system32\wevymonq.dll" [10/09/2007 08:34 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/2006 10:29 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq]
C:\WINDOWS\system32\vtstq.dll 08/16/2007 03:39 AM 243296 C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

 


-- End of Deckard's System Scanner: finished at 2007-10-09 21:34:31 ------------

extra-Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 253.98 MiB / 58.98 MiB
Pagefile Memory (total/avail): 624.94 MiB / 246.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.14 MiB

C: is Fixed (NTFS) - 33.18 GiB total, 12.37 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75JHC0 - 37.25 GiB - 3 partitions
  \PARTITION0 - Unknown - 39.19 MiB
  \PARTITION1 (bootable) - Installable File System - 33.18 GiB - C:
  \PARTITION2 - Unknown - 4.02 GiB

 

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\wEmail Removedexe"="C:\\Program Files\\America Online 9.0\\wEmail Removedexe:*:Enabled:AOL"
""=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\wEmail Removedexe"="C:\\Program Files\\America Online 9.0\\wEmail Removedexe:*:Enabled:AOL"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\PlaxoSoftware.exe"="C:\\WINDOWS\\system32\\PlaxoSoftware.exe:*:Disabled:PlaxoSoftware"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\p2pnetworks\\p2pnetworks.exe"="C:\\Program Files\\p2pnetworks\\p2pnetworks.exe:*:Enabled:P2PNetworks"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\rtxgxsvu.exe"="C:\\WINDOWS\\system32\\rtx"
"C:\\WINDOWS\\system32\\xikdimpx.exe"="C:\\WINDOWS\\system32\\xik"
"C:\\WINDOWS\\system32\\bsrqjpij.exe"="C:\\WINDOWS\\system32\\bsr"
"C:\\WINDOWS\\system32\\ucscvhkp.exe"="C:\\WINDOWS\\system32\\ucs"
"C:\\WINDOWS\\system32\\ubrxbynk.exe"="C:\\WINDOWS\\system32\\ubr"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jolynn\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jolynn
LOGONSERVER=\\FAMILY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jolynn\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jolynn\LOCALS~1\Temp
USERDOMAIN=FAMILY
USERNAME=Jolynn
USERPROFILE=C:\Documents and Settings\Jolynn
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Lisa (admin)
Brandon (admin)
Jolynn (admin)
Rochelle (admin)
Chelsi (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
 --> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Build-a-lot --> C:\PROGRA~1\GAMEHO~1\BUILD-~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BUILD-~1\INSTALL.LOG
Collector's Edition 251 --> C:\PROGRA~1\eGames\COLLEC~1\UNWISE.EXE C:\PROGRA~1\eGames\COLLEC~1\INSTALL.LOG
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Weather by The Weather Channel --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DownloadManager --> "C:\Program Files\DownloadManager\uninst.exe"
DrawPlus 3.0 --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\DrawPlus\DeIsL1.isu"
DVD X Rescue --> C:\Program Files\321Studios\DVD X Rescue\UNWISE.EXE "C:\Program Files\321Studios\DVD X Rescue\INSTALL.LOG"
DVD43 v3.9.0 --> "C:\Program Files\dvd43\unins000.exe"
Dynomite Deluxe 2.70y --> C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
Garden Dreams --> C:\PROGRA~1\GAMEHO~1\GARDEN~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\GARDEN~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
ICopyDVDs2 4.0.0 --> "C:\Program Files\ICopyDVDs2\uninstall.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2005 --> MsiExec.exe /I{05410044-64A6-4248-A026-9745C1E9E159}
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft Works 2005 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PrintMaster --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PRINTM~1\DeIsL1.isu" -c"C:\PROGRA~1\BRODER~1\PRINTM~1\psfinst.dll"
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Vongo --> MsiExec.exe /X{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg  "enginecf.inf,RealUninstallSection,,4"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9540 / Error
Event Submitted/Written: 10/09/2007 05:38:15 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type9539 / Error
Event Submitted/Written: 10/09/2007 05:28:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
need help bad
« Reply #3 on: October 09, 2007, 09:46:20 PM »
Thanks for the logs. Can you just leave dss.exe on the desktop for now? We may need it again later.

This time, can you do the following:
Let's see what we can clean with the next tool.
We will have some leftovers to deal with.

Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


I need you to post back here all the following
1. Post the log from Combofix
2. Post a fresh HijackThis log
« Last Edit: October 09, 2007, 09:46:44 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline roydede

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
need help bad
« Reply #4 on: October 09, 2007, 09:58:12 PM »
Sorry, but I'm doing as I was told and it keeps saying "Compsec error", "The COMSPEC environment variable was found to be corrupt. ComboFix has attempted repairs & will need to restart."

I've clicked OK like 10 times already and I keep getting a red screen, but before that it says nircmd not recognized as an internal or external command. Now what?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
need help bad
« Reply #5 on: October 09, 2007, 10:02:25 PM »
Combofix may correct itself on the next run.
Try this: ensure combofix is completely shut down, then try running it again.
Let me know what happens.

Edit>> Also ensure that McAfee isn't interfering with the fix.

Edit again: if you cannot possibly get combofix to work in Normal Windows,
do the following.
Reboot your computer in Safe Mode by doing the following:

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    * Select the first option, to run Windows in Safe Mode, then press "Enter".
    * Choose your usual account.

Try running combofix again in safe mode
When done it should reboot the computer back to Normal windows
See if that helps
« Last Edit: October 09, 2007, 10:23:55 PM by guestolo »



Offline roydede

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
need help bad
« Reply #6 on: October 09, 2007, 10:49:03 PM »
ComboFix 07-10-09.3 - Jolynn 2007-10-09 22:13:35.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.68 [GMT -5:00]
Running from: C:\Documents and Settings\Jolynn\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jolynn\err.log
C:\Program Files\downloadmanager\agent.dll
C:\Program Files\downloadmanager\api.exe
C:\Program Files\downloadmanager\insdl.dll
C:\Program Files\downloadmanager\mptray.exe
C:\Program Files\downloadmanager\mpupdate.exe
C:\Program Files\downloadmanager\p2pinst.exe
C:\Program Files\downloadmanager\p2pl.exe
C:\Program Files\mediapipe
C:\Program Files\mediapipe\ItBill_terms.txt
C:\Program Files\mediapipe\register.dll
C:\UWA7P
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aiawujde.dll
C:\WINDOWS\system32\aisodqjc.dll
C:\WINDOWS\system32\ajlghotf.exe
C:\WINDOWS\system32\akfpwmey.dll
C:\WINDOWS\system32\aleilcfx.exe
C:\WINDOWS\system32\amjsudtr.exe
C:\WINDOWS\system32\aonkrvyu.exe
C:\WINDOWS\system32\apoejafw.dll
C:\WINDOWS\system32\aqttuqkx.dll
C:\WINDOWS\system32\auppwpud.exe
C:\WINDOWS\system32\bjmtfxbt.dll
C:\WINDOWS\system32\bkwnuxrx.exe
C:\WINDOWS\system32\bkyrmejm.exe
C:\WINDOWS\system32\bpmfueaq.dll
C:\WINDOWS\system32\bsrqjpij.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bvqgbdym.dll
C:\WINDOWS\system32\bxweofmw.exe
C:\WINDOWS\system32\cbkvmfcf.dll
C:\WINDOWS\system32\chtivtxf.dll
C:\WINDOWS\system32\cjqdosia.ini
C:\WINDOWS\system32\cqrgyiei.dll
C:\WINDOWS\system32\dasdbqnr.ini
C:\WINDOWS\system32\dfyocmvw.dll
C:\WINDOWS\system32\dibdcikd.exe
C:\WINDOWS\system32\dlmpdjgj.dll
C:\WINDOWS\system32\dvdupqgs.ini
C:\WINDOWS\system32\dypwfhuh.dll
C:\WINDOWS\system32\eberqggd.exe
C:\WINDOWS\system32\ebyuqcic.exe
C:\WINDOWS\system32\edjuwaia.ini
C:\WINDOWS\system32\ejtqfqwj.exe
C:\WINDOWS\system32\ejwydars.dll
C:\WINDOWS\system32\ejxytixx.ini
C:\WINDOWS\system32\envjysqc.exe
C:\WINDOWS\system32\eohabcsy.dll
C:\WINDOWS\system32\erakmnam.ini
C:\WINDOWS\system32\erarfpai.dll
C:\WINDOWS\system32\esamycvg.exe
C:\WINDOWS\system32\esycingr.exe
C:\WINDOWS\system32\etgyispb.exe
C:\WINDOWS\system32\etrdqyed.exe
C:\WINDOWS\system32\euxjmrvh.ini
C:\WINDOWS\system32\fcfmvkbc.ini
C:\WINDOWS\system32\fenbmtwj.exe
C:\WINDOWS\system32\fmhtyntq.dll
C:\WINDOWS\system32\fnqqpkkl.ini
C:\WINDOWS\system32\fofesfkm.exe
C:\WINDOWS\system32\foqybckj.exe
C:\WINDOWS\system32\fprohudn.exe
C:\WINDOWS\system32\fqslkegu.ini
C:\WINDOWS\system32\fsgakrto.exe
C:\WINDOWS\system32\fvhuamji.exe
C:\WINDOWS\system32\fvtajbcm.exe
C:\WINDOWS\system32\fwptqapm.dll
C:\WINDOWS\system32\fxsiprjx.dll
C:\WINDOWS\system32\fxtvithc.ini
C:\WINDOWS\system32\gaadcqvj.ini
C:\WINDOWS\system32\gapgnavx.exe
C:\WINDOWS\system32\gccatdpo.exe
C:\WINDOWS\system32\gdqdimpg.dll
C:\WINDOWS\system32\gluguxuh.dll
C:\WINDOWS\system32\gpmidqdg.ini
C:\WINDOWS\system32\grabytnl.dll
C:\WINDOWS\system32\grfkocdl.exe
C:\WINDOWS\system32\hkqavjml.exe
C:\WINDOWS\system32\hshyvtvu.dll
C:\WINDOWS\system32\htsnrrio.ini
C:\WINDOWS\system32\huhfwpyd.ini
C:\WINDOWS\system32\huxugulg.ini
C:\WINDOWS\system32\hvldiwhy.exe
C:\WINDOWS\system32\hvrmjxue.dll
C:\WINDOWS\system32\hwuucaos.ini
C:\WINDOWS\system32\iapfrare.ini
C:\WINDOWS\system32\ieiygrqc.ini
C:\WINDOWS\system32\ifedsbhx.ini
C:\WINDOWS\system32\ilorxxqn.exe
C:\WINDOWS\system32\ilxvwgju.exe
C:\WINDOWS\system32\imcfiyvv.dll
C:\WINDOWS\system32\imgbpdov.exe
C:\WINDOWS\system32\jbhnkhat.dll
C:\WINDOWS\system32\jgjdpmld.ini
C:\WINDOWS\system32\jopiatda.exe
C:\WINDOWS\system32\jtbyrooj.exe
C:\WINDOWS\system32\jvnjckqk.ini
C:\WINDOWS\system32\jvoedwyt.dll
C:\WINDOWS\system32\jvqcdaag.dll
C:\WINDOWS\system32\jwqghenw.exe
C:\WINDOWS\system32\karnricq.exe
C:\WINDOWS\system32\kgpqajkt.exe
C:\WINDOWS\system32\kmalovfq.ini
C:\WINDOWS\system32\kqkcjnvj.dll
C:\WINDOWS\system32\ktxxokgv.dll
C:\WINDOWS\system32\kutwousp.ini
C:\WINDOWS\system32\kxxmyptm.dll
C:\WINDOWS\system32\kydueawy.ini
C:\WINDOWS\system32\kydueawy.tmp
C:\WINDOWS\system32\lbdjhumk.exe
C:\WINDOWS\system32\lgcbsxvq.exe
C:\WINDOWS\system32\lixavkou.exe
C:\WINDOWS\system32\lkkpqqnf.dll
C:\WINDOWS\system32\lmcsoqak.exe
C:\WINDOWS\system32\lntybarg.ini
C:\WINDOWS\system32\lvwvjvpb.exe
C:\WINDOWS\system32\manmkare.dll
C:\WINDOWS\system32\mbxeoduu.dll
C:\WINDOWS\system32\mfytlfjf.exe
C:\WINDOWS\system32\mpaqtpwf.ini
C:\WINDOWS\system32\mtpymxxk.ini
C:\WINDOWS\system32\mvowxkeb.exe
C:\WINDOWS\system32\mydbgqvb.ini
C:\WINDOWS\system32\naiuelfk.exe
C:\WINDOWS\system32\neoaonwf.exe
C:\WINDOWS\system32\nhhxrstu.exe
C:\WINDOWS\system32\npowpqtm.exe
C:\WINDOWS\system32\nsjopuux.ini
C:\WINDOWS\system32\oibpmwfs.ini
C:\WINDOWS\system32\oirrnsth.dll
C:\WINDOWS\system32\omxtnkah.exe
C:\WINDOWS\system32\onafjfwq.dll
C:\WINDOWS\system32\ooasewvt.ini
C:\WINDOWS\system32\pcrlfriv.exe
C:\WINDOWS\system32\psuowtuk.dll
C:\WINDOWS\system32\pulxylyp.ini
C:\WINDOWS\system32\pyhvlhdu.dll
C:\WINDOWS\system32\pylyxlup.dll
C:\WINDOWS\system32\qaeufmpb.ini
C:\WINDOWS\system32\qanwvrbr.dll
C:\WINDOWS\system32\qfvolamk.dll
C:\WINDOWS\system32\qgragwdn.exe
C:\WINDOWS\system32\qhtooscy.dll
C:\WINDOWS\system32\qlwylrbq.exe
C:\WINDOWS\system32\qnomyvew.ini
C:\WINDOWS\system32\qpnwfycn.exe
C:\WINDOWS\system32\qtfkhlke.exe
C:\WINDOWS\system32\qtnythmf.ini
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\qwfjfano.ini
C:\WINDOWS\system32\qxxlkocx.exe
C:\WINDOWS\system32\qyeyonou.dll
C:\WINDOWS\system32\rbrvwnaq.ini
C:\WINDOWS\system32\rceabpti.exe
C:\WINDOWS\system32\rhwwtfeq.exe
C:\WINDOWS\system32\rkigoruw.exe
C:\WINDOWS\system32\rkngcmxb.exe
C:\WINDOWS\system32\rnqbdsad.dll
C:\WINDOWS\system32\rwracmko.exe
C:\WINDOWS\system32\rxtqwvng.exe
C:\WINDOWS\system32\sfwmpbio.dll
C:\WINDOWS\system32\sgqpudvd.dll
C:\WINDOWS\system32\skormyls.exe
C:\WINDOWS\system32\snfgygya.exe
C:\WINDOWS\system32\snkpijwh.exe
C:\WINDOWS\system32\soacuuwh.dll
C:\WINDOWS\system32\sradywje.ini
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\suiwuylu.dll
C:\WINDOWS\system32\tahknhbj.ini
C:\WINDOWS\system32\tbxftmjb.ini2
C:\WINDOWS\system32\tbxftmjb.ini2
C:\WINDOWS\system32\tbxftmjb.tmp
C:\WINDOWS\system32\tbxftmjb.tmp
C:\WINDOWS\system32\tjbhqydh.exe
C:\WINDOWS\system32\ttjcfmpb.exe
C:\WINDOWS\system32\tufqconb.exe
C:\WINDOWS\system32\tvwesaoo.dll
C:\WINDOWS\system32\tywdeovj.ini
C:\WINDOWS\system32\ubrxbynk.exe
C:\WINDOWS\system32\ucscvhkp.exe
C:\WINDOWS\system32\udhlvhyp.ini
C:\WINDOWS\system32\ugeklsqf.dll
C:\WINDOWS\system32\uggrqrag.exe
C:\WINDOWS\system32\uhecriiu.exe
C:\WINDOWS\system32\ulyuwius.ini
C:\WINDOWS\system32\uonoyeyq.ini
C:\WINDOWS\system32\uudoexbm.ini
C:\WINDOWS\system32\uukkdryu.exe
C:\WINDOWS\system32\uvtvyhsh.ini
C:\WINDOWS\system32\uwxqmooe.exe
C:\WINDOWS\system32\vadnksyl.dll
C:\WINDOWS\system32\vgkcnebe.exe
C:\WINDOWS\system32\vgkoxxtk.ini
C:\WINDOWS\system32\vgkoxxtk.tmp
C:\WINDOWS\system32\virdigbw.ini
C:\WINDOWS\system32\voeedkay.dll
C:\WINDOWS\system32\vqovrxba.exe
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vvyifcmi.ini
C:\WINDOWS\system32\wbgidriv.dll
C:\WINDOWS\system32\wevymonq.dll
C:\WINDOWS\system32\wfajeopa.ini
C:\WINDOWS\system32\wjkikrty.exe
C:\WINDOWS\system32\wmoocrtv.exe
C:\WINDOWS\system32\wncxuwdd.exe
C:\WINDOWS\system32\wpfjslxa.exe
C:\WINDOWS\system32\wvmcoyfd.ini
C:\WINDOWS\system32\wxcvuxlo.exe
C:\WINDOWS\system32\xdyxveft.exe
C:\WINDOWS\system32\xhbsdefi.dll
C:\WINDOWS\system32\xjrpisxf.ini
C:\WINDOWS\system32\xkquttqa.ini
C:\WINDOWS\system32\xuupojsn.dll
C:\WINDOWS\system32\xxityxje.dll
C:\WINDOWS\system32\yakdeeov.ini
C:\WINDOWS\system32\ycfsxlle.exe
C:\WINDOWS\system32\ycsoothq.ini
C:\WINDOWS\system32\yemwpfka.ini
C:\WINDOWS\system32\yfyqbmrc.exe
C:\WINDOWS\system32\yppefkin.exe
C:\WINDOWS\system32\yscbahoe.ini
C:\WINDOWS\system32\yshylolw.exe
C:\WINDOWS\system32\ytqwbmyg.exe
C:\WINDOWS\system32\ywaeudyk.dll

.
(((((((((((((((((((((((((   Files Created from 2007-09-10 to 2007-10-10  )))))))))))))))))))))))))))))))
.

2007-10-09 22:30 83,008 --a------ C:\WINDOWS\system32\ylxxjgku.dll
2007-10-09 22:25 75,328 --a------ C:\WINDOWS\system32\uxtgxvit.exe
2007-10-09 22:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 21:25 <DIR> d-------- C:\Deckard
2007-10-09 21:13 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-09 18:33 736,075 --ahs---- C:\WINDOWS\system32\qtstv.ini2
2007-10-09 17:45 75,328 --a------ C:\WINDOWS\system32\vgvhueex.exe
2007-10-09 16:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-09 12:16 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-08 22:47 75,328 --a------ C:\WINDOWS\system32\homokjxa.exe
2007-10-08 15:31 75,328 --a------ C:\WINDOWS\system32\ljcfatra.exe
2007-10-07 02:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-07 02:52 <DIR> d-------- C:\Documents and Settings\Brandon\Application Data\GameHouse
2007-10-07 02:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-10-07 02:51 <DIR> d-------- C:\Program Files\GameHouse
2007-10-05 01:33 75,328 --a------ C:\WINDOWS\system32\vxsajemr.exe
2007-10-03 20:58 75,328 --a------ C:\WINDOWS\system32\hinqntvk.exe
2007-10-03 15:13 75,328 --a------ C:\WINDOWS\system32\hhujnuqk.exe
2007-10-03 15:00 75,328 --a------ C:\WINDOWS\system32\nwugslfr.exe
2007-10-03 14:35 75,328 --a------ C:\WINDOWS\system32\jtygmaah.exe
2007-10-03 13:31 164 --a------ C:\install.dat
2007-10-03 10:40 75,328 --a------ C:\WINDOWS\system32\bxkfowng.exe
2007-10-02 21:17 75,328 --a------ C:\WINDOWS\system32\nakikvhv.exe
2007-10-02 18:42 75,328 --a------ C:\WINDOWS\system32\isavbsps.exe
2007-10-02 15:51 75,328 --a------ C:\WINDOWS\system32\laotranr.exe
2007-10-01 17:32 75,328 --a------ C:\WINDOWS\system32\ngtmibuy.exe
2007-10-01 15:00 75,328 --a------ C:\WINDOWS\system32\obsqolbj.exe
2007-10-01 10:02 75,328 --a------ C:\WINDOWS\system32\bfeddgmn.exe
2007-09-30 22:29 75,328 --a------ C:\WINDOWS\system32\gnhlwlyk.exe
2007-09-30 12:23 75,328 --a------ C:\WINDOWS\system32\rpmkanfu.exe
2007-09-26 19:55 <DIR> d-------- C:\Documents and Settings\Jolynn\Shared
2007-09-24 19:54 <DIR> d-------- C:\Documents and Settings\Brandon\Application Data\Lavasoft
2007-09-21 15:33 <DIR> d-------- C:\Documents and Settings\Jolynn\Application Data\Lavasoft
2007-09-21 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-10 00:06 <DIR> d-------- C:\Program Files\Pakon

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 03:41 --------- d-----w C:\Documents and Settings\Jolynn\Application Data\SiteAdvisor
2007-10-10 03:36 --------- d-----w C:\Program Files\DownloadManager
2007-10-09 22:29 --------- d-----w C:\Program Files\LimeWire
2007-10-09 02:24 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-04 17:31 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2007-10-03 22:41 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-10-03 22:41 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-10-03 22:41 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-09-21 19:57 --------- d-----w C:\Documents and Settings\Jolynn\Application Data\Yahoo!
2007-09-20 02:20 --------- d-----w C:\Program Files\Oberon Media
2007-09-18 03:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-15 02:36 --------- d-----w C:\Program Files\Yahoo! Games
2007-09-11 02:28 --------- d-----w C:\Program Files\MSN Games
2007-09-10 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-09-10 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2007-09-05 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-05 03:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-04 02:39 --------- d-----w C:\Program Files\Apple Software Update
2007-09-01 06:27 --------- d-----w C:\Documents and Settings\Brandon\Application Data\CyberLink
2007-09-01 04:35 --------- d-----w C:\Program Files\Google
2007-09-01 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google
2007-08-28 01:34 --------- d-----w C:\Program Files\MSN Messenger
2007-08-24 19:54 --------- d-----w C:\Documents and Settings\Brandon\Application Data\SiteAdvisor
2007-08-24 04:57 --------- d-----w C:\Documents and Settings\Jolynn\Application Data\iWin
2007-08-22 08:27 --------- d-----w C:\Documents and Settings\Brandon\Application Data\Yahoo!
2007-08-22 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-22 05:39 --------- d-----w C:\Program Files\Yahoo!
2007-08-22 05:04 --------- d-----w C:\Documents and Settings\Brandon\Application Data\Google
2007-08-20 14:51 --------- d-----w C:\Documents and Settings\Jolynn\Application Data\Google
2007-08-20 01:14 --------- d-----w C:\Program Files\MUSICMATCH
2007-08-20 01:12 --------- d-----w C:\Program Files\AIM
2007-08-20 01:12 --------- d-----w C:\Documents and Settings\Jolynn\Application Data\Aim
2007-08-19 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-08-19 23:18 --------- d-----w C:\Program Files\exPressit S.E. 2.2
2007-08-19 23:09 --------- d-----w C:\Program Files\Viewpoint
2007-08-19 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-19 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-08-16 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2007-08-16 04:42 --------- d-----w C:\Documents and Settings\Jolynn\Application Data\Gamelab
2007-08-16 04:25 --------- d-----w C:\Program Files\Law and Order
2007-08-13 03:53 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-12 04:16 --------- d-----w C:\Program Files\Electronic Arts
2007-08-12 04:13 --------- d-----w C:\Program Files\Maxis
2007-08-10 22:12 --------- d-----w C:\Documents and Settings\Jolynn\Application Data\LimeWire
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2006-02-24 14:51 26,922 ----a-w C:\Program Files\MoviePass Terms.html
2006-02-17 01:06 0 ----a-w C:\Documents and Settings\Jolynn\Application Data\wklnhst.dat
2006-01-24 17:09:45 56 --sh--r C:\WINDOWS\system32\9860317951.sys
2006-01-24 17:09:47 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{087F8CED-C273-40A7-B948-0A2949534D15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B288938-9363-41C4-AEBA-9C17E26E328C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{894A8767-586D-4A5D-BE27-00027453223E}]
   C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A18C2FBC-DAEE-412D-AB72-03399F855874}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE008367-EDD9-438E-88FC-91B2EC07130C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5FB7F2D-4338-4EE9-8240-FAD10CD115E4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD0C6ACD-8DA8-4E92-AB57-4A51FF523596}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 14:26]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6028\SiteAdv.exe" [2007-02-08 21:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-07-13 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

C:\Documents and Settings\Brandon\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Documents and Settings\Brandon\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2006-10-12 19:37:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-27 01:15:57]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2005-11-14 14:37:41]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq]
C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S2 DomainService;DomainService;C:\WINDOWS\system32\ubrxbynk.exe /service

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 02:38:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-05 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (FAMILY-Lisa).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-09-15 06:22:24 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-01 06:21:09 C:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 22:41:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-09 22:46:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 22:45
.
 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:55 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vongo\VongoService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {087F8CED-C273-40A7-B948-0A2949534D15} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {3B288938-9363-41C4-AEBA-9C17E26E328C} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {894A8767-586D-4A5D-BE27-00027453223E} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A18C2FBC-DAEE-412D-AB72-03399F855874} - (no file)
O2 - BHO: (no name) - {BE008367-EDD9-438E-88FC-91B2EC07130C} - (no file)
O2 - BHO: (no name) - {C5FB7F2D-4338-4EE9-8240-FAD10CD115E4} - (no file)
O2 - BHO: (no name) - {CD0C6ACD-8DA8-4E92-AB57-4A51FF523596} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6028\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...06bc5dfc78ec69e
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ubrxbynk.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

--
End of file - 9847 bytes

Offline guestolo

need help bad
« Reply #7 on: October 09, 2007, 11:19:48 PM »
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.93 MB).
DON'T install it yet

Close all browser windows, including this one
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
Examples of older versions:
Java SE Runtime Environment 5 Update 6
Java SE Runtime Environment 5 Update 11
Java 2 Runtime Environment, SE v1.4.2

Also suggest that you remove
Viewpoint Manager
Typically gets unknowingly installed

===Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Kazaa\\kazaa.exe"=-
"C:\\Program Files\\p2pnetworks\\p2pnetworks.exe"=-
"C:\\WINDOWS\\system32\\rtxgxsvu.exe"=-
"C:\\WINDOWS\\system32\\xikdimpx.exe"=-
"C:\\WINDOWS\\system32\\bsrqjpij.exe"=-
"C:\\WINDOWS\\system32\\ucscvhkp.exe"=-
"C:\\WINDOWS\\system32\\ubrxbynk.exe"=-


Double click on fix.reg
Allow to add/merge to the registry at the prompt

Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: (no name) - {087F8CED-C273-40A7-B948-0A2949534D15} - (no file)

O2 - BHO: (no name) - {3B288938-9363-41C4-AEBA-9C17E26E328C} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {894A8767-586D-4A5D-BE27-00027453223E} - C:\WINDOWS\system32\vtstq.dll (file missing)

O2 - BHO: (no name) - {A18C2FBC-DAEE-412D-AB72-03399F855874} - (no file)
O2 - BHO: (no name) - {BE008367-EDD9-438E-88FC-91B2EC07130C} - (no file)
O2 - BHO: (no name) - {C5FB7F2D-4338-4EE9-8240-FAD10CD115E4} - (no file)
O2 - BHO: (no name) - {CD0C6ACD-8DA8-4E92-AB57-4A51FF523596} - (no file)

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...06bc5dfc78ec69e
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ubrxbynk.exe (file missing)

O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
    ================================================

    C:\WINDOWS\system32\ylxxjgku.dll
    C:\WINDOWS\system32\uxtgxvit.exe
    C:\WINDOWS\system32\qtstv.ini2
    C:\WINDOWS\system32\vgvhueex.exe
    C:\WINDOWS\system32\homokjxa.exe
    C:\WINDOWS\system32\ljcfatra.exe
    C:\WINDOWS\system32\vxsajemr.exe
    C:\WINDOWS\system32\hinqntvk.exe
    C:\WINDOWS\system32\hhujnuqk.exe
    C:\WINDOWS\system32\nwugslfr.exe
    C:\WINDOWS\system32\jtygmaah.exe
    C:\WINDOWS\system32\bxkfowng.exe
    C:\WINDOWS\system32\nakikvhv.exe
    C:\WINDOWS\system32\isavbsps.exe
    C:\WINDOWS\system32\laotranr.exe
    C:\WINDOWS\system32\ngtmibuy.exe
    C:\WINDOWS\system32\obsqolbj.exe
    C:\WINDOWS\system32\bfeddgmn.exe
    C:\WINDOWS\system32\gnhlwlyk.exe
    C:\WINDOWS\system32\rpmkanfu.exe
    C:\WINDOWS\warnhp.html
    C:\WINDOWS\system32\rtxgxsvu.exe
    C:\WINDOWS\system32\xikdimpx.exe
    C:\WINDOWS\system32\bsrqjpij.exe
    C:\WINDOWS\system32\ucscvhkp.exe
    C:\WINDOWS\system32\ubrxbynk.exe


    ======================================================
  • Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

NOTE: If you are not asked to reboot the machine, can you reboot manually anyways
Earlier fixes we did need you to restart the computer

OTMoveIt will create a log here
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run. I'll need to see this log in a bit

Back in Windows, go ahead and install the latest version of Java from the installer on desktop


Could you run dss.exe again from desktop
When done post the contents again of main.txt only

Also post the log from OTMoveIt
keep me informed how things are running
« Last Edit: October 09, 2007, 11:31:34 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
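
An added example, not part of the original posts and not code from HijackThis or its authors: a small Python parser that picks out the orphaned HijackThis entries (those marked "(no file)" or "(file missing)"), the kind the reply above asks to be checked, and groups them by the file they point at. The sample lines are copied from the logs in this thread; the function names and section labels are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: entries copied from the HijackThis logs quoted in this thread
# (orphaned entries from the fix list, plus two intact entries for contrast).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {894A8767-586D-4A5D-BE27-00027453223E} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ubrxbynk.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html
"""

# Labels for the section codes in the sample (wording is this example's own).
SECTION_NAMES = {
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
    "O24": "Active Desktop component",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\s*\((no file|file missing)\)\s*$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    code: str                     # section code, e.g. "O2"
    section: str                  # human-readable label for the code
    clsid: Optional[str]          # COM class ID if the entry carries one
    target: Optional[str]         # file path the entry points at, if any
    orphan_reason: Optional[str]  # "no file" / "file missing", else None


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    marker = ORPHAN_RE.search(body)
    reason = marker.group(1) if marker else None
    if marker:
        body = body[:marker.start()]  # drop the trailing "(file missing)" tag
    last_field = body.rsplit(" - ", 1)[-1].strip()
    target = last_field if PATH_RE.match(last_field) else None
    clsid = CLSID_RE.search(body)
    code = m.group("code")
    return Entry(code, SECTION_NAMES.get(code, "other"),
                 clsid.group(0) if clsid else None, target, reason)


def find_orphans(log_text: str) -> List[Entry]:
    """Entries whose registered file HijackThis could not find on disk."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e.orphan_reason]


def load_points_by_file(orphans: List[Entry]) -> Dict[str, List[str]]:
    """Map each missing file (lower-cased path) to the section codes naming it."""
    grouped = defaultdict(list)
    for e in orphans:
        if e.target:
            grouped[e.target.lower()].append(e.code)
    return dict(grouped)


if __name__ == "__main__":
    orphans = find_orphans(SAMPLE_LOG)
    for e in orphans:
        print(f"{e.code:<4}{e.section:<32}{e.orphan_reason:<13}{e.target or e.clsid}")
    for path, codes in load_points_by_file(orphans).items():
        print(f"{path} <- {', '.join(codes)}")
```

On the sample, vtstq.dll is reported under both O2 and O20, which shows that one missing file can leave more than one registry load point behind, so each listed entry has to be ticked.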


Offline roydede

« Reply #8 on: October 10, 2007, 01:42:03 AM »
Deckard's System Scanner v20070905.67
Run by Jolynn on 2007-10-10 01:37:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Jolynn.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:18 AM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Jolynn\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jolynn.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6028\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 8381 bytes

-- Files created between 2007-09-10 and 2007-10-10 -----------------------------

2007-10-10 01:34:51         0 d-------- C:\Program Files\Common Files\Java
2007-10-09 23:18:56     35021 --a------ C:\WINDOWS\DIIUnin.dat
2007-10-09 23:18:50      2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-10-09 23:18:50     94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2007-10-09 23:11:08         0 d-------- C:\Program Files\Diablo II
2007-10-09 21:13:59         0 d-------- C:\Program Files\Trend Micro
2007-10-09 16:38:38         0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-09 12:16:42         0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-09 12:16:34         0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-10-07 02:53:13         0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-07 02:52:56         0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-10-07 02:52:02         0 d-------- C:\Documents and Settings\Brandon\Application Data\GameHouse
2007-10-07 02:51:44         0 d-------- C:\Program Files\GameHouse
2007-10-03 15:32:02         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-03 15:32:01         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-10-03 15:32:01         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-03 15:32:01         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-10-03 15:32:01         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-03 15:32:01         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-10-03 15:32:01         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-03 15:32:00         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-03 15:32:00         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-03 15:32:00         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-03 15:32:00         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-10-03 15:32:00         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-03 15:32:00         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-03 15:32:00         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-10-03 15:32:00         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-03 15:31:59    786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-03 13:31:52       164 --a------ C:\install.dat
2007-09-26 19:55:36         0 d-------- C:\Documents and Settings\Jolynn\Shared
2007-09-24 19:54:42         0 d-------- C:\Documents and Settings\Brandon\Application Data\Lavasoft
2007-09-21 15:33:36         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Lavasoft
2007-09-21 15:15:04         0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-10 00:06:31         0 d-------- C:\Program Files\Pakon


-- Find3M Report ---------------------------------------------------------------

2007-10-10 01:35:49         0 d-------- C:\Program Files\Java
2007-10-10 01:34:51         0 d-------- C:\Program Files\Common Files
2007-10-09 23:34:26     43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-09 23:30:57     21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-10-09 23:30:56     17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-10-09 23:30:56     12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-10-09 22:41:20         0 d-------- C:\Documents and Settings\Jolynn\Application Data\SiteAdvisor
2007-10-09 22:36:18         0 d-------- C:\Program Files\DownloadManager
2007-10-09 17:29:17         0 d-------- C:\Program Files\LimeWire
2007-10-04 12:31:19         0 d-------- C:\Program Files\Free WMA to MP3 Converter
2007-09-21 14:57:57         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Yahoo!
2007-09-19 21:20:53         0 d-------- C:\Program Files\Oberon Media
2007-09-14 21:36:25         0 d-------- C:\Program Files\Yahoo! Games
2007-09-10 21:28:50         0 d-------- C:\Program Files\MSN Games
2007-09-04 22:26:47         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-03 21:39:14         0 d-------- C:\Program Files\Apple Software Update
2007-08-31 23:35:01         0 d-------- C:\Program Files\Google
2007-08-27 20:34:25         0 d-------- C:\Program Files\MSN Messenger
2007-08-23 23:57:34         0 d-------- C:\Documents and Settings\Jolynn\Application Data\iWin
2007-08-22 00:41:38      4096 --a------ C:\WINDOWS\d3dx.dat
2007-08-22 00:39:34         0 d-------- C:\Program Files\Yahoo!
2007-08-20 09:51:24         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Google
2007-08-19 20:14:01         0 d-------- C:\Program Files\MUSICMATCH
2007-08-19 20:12:27         0 d-------- C:\Program Files\AIM
2007-08-19 20:12:05         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Aim
2007-08-19 18:18:58         0 d-------- C:\Program Files\exPressit S.E. 2.2
2007-08-15 23:42:50         0 d-------- C:\Documents and Settings\Jolynn\Application Data\Gamelab
2007-08-15 23:25:28         0 d-------- C:\Program Files\Law and Order
2007-08-12 22:52:24       699 --a------ C:\WINDOWS\eReg.dat
2007-08-11 23:16:10         0 d-------- C:\Program Files\Electronic Arts
2007-08-11 23:13:12         0 d-------- C:\Program Files\Maxis
2007-08-10 17:12:46         0 d-------- C:\Documents and Settings\Jolynn\Application Data\LimeWire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
07/27/2007 06:20 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 07:42 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [03/20/2006 06:34 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/20/2006 06:34 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [05/22/2006 02:26 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [03/20/2006 06:34 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6028\SiteAdv.exe" [02/08/2007 09:39 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/27/2007 11:25 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [07/13/2007 04:14 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/2006 10:29 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

 


-- End of Deckard's System Scanner: finished at 2007-10-10 01:38:57 ------------



 
ot log here ->

LoadLibrary failed for C:\WINDOWS\system32\ylxxjgku.dll
C:\WINDOWS\system32\ylxxjgku.dll NOT unregistered.
C:\WINDOWS\system32\ylxxjgku.dll moved successfully.
C:\WINDOWS\system32\uxtgxvit.exe moved successfully.
C:\WINDOWS\system32\qtstv.ini2 moved successfully.
C:\WINDOWS\system32\vgvhueex.exe moved successfully.
C:\WINDOWS\system32\homokjxa.exe moved successfully.
C:\WINDOWS\system32\ljcfatra.exe moved successfully.
C:\WINDOWS\system32\vxsajemr.exe moved successfully.
C:\WINDOWS\system32\hinqntvk.exe moved successfully.
C:\WINDOWS\system32\hhujnuqk.exe moved successfully.
C:\WINDOWS\system32\nwugslfr.exe moved successfully.
C:\WINDOWS\system32\jtygmaah.exe moved successfully.
C:\WINDOWS\system32\bxkfowng.exe moved successfully.
C:\WINDOWS\system32\nakikvhv.exe moved successfully.
File move failed. C:\WINDOWS\system32\isavbsps.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\laotranr.exe moved successfully.
C:\WINDOWS\system32\ngtmibuy.exe moved successfully.
C:\WINDOWS\system32\obsqolbj.exe moved successfully.
C:\WINDOWS\system32\bfeddgmn.exe moved successfully.
C:\WINDOWS\system32\gnhlwlyk.exe moved successfully.
C:\WINDOWS\system32\rpmkanfu.exe moved successfully.
File/Folder C:\WINDOWS\warnhp.html not found.
File/Folder C:\WINDOWS\system32\rtxgxsvu.exe not found.
File/Folder C:\WINDOWS\system32\xikdimpx.exe not found.
File/Folder C:\WINDOWS\system32\bsrqjpij.exe not found.
File/Folder C:\WINDOWS\system32\ucscvhkp.exe not found.
File/Folder C:\WINDOWS\system32\ubrxbynk.exe not found.
 
Created on 10/10/2007 01:23:15

Offline guestolo

« Reply #9 on: October 10, 2007, 08:30:18 AM »
That's looking better, how is everything?

Can you run an online scanner for me please

Temporarily disable McAfee's realtime protection
Using browser Internet Explorer
Run an online virus scan at Kaspersky's
At the link click the button Kaspersky Online Scanner
Accept the prompt at the Welcome screen
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

   
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now under select a target to scan:
        Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.

***Now click on the Save as Text button:
   
  • Save the file to your desktop. I will need to see it later


Post back that report please
